What is the severity of CVE-2018-15460?

CVE-2018-15460 has a severity rating of 8.6 (high).

How does CVE-2018-15460 affect Cisco Email Security Appliances?

CVE-2018-15460 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by increasing the CPU utilization to 100 percent on the affected device.

What is the affected version of Cisco AsyncOS Software?

Versions up to and including 11.0.2-044_md and versions between 11.1.0 and 11.1.2-023_md of Cisco AsyncOS Software are affected.

How can I fix CVE-2018-15460?

To mitigate this vulnerability, it is recommended to upgrade to a fixed software release as per the guidance provided by Cisco in their security advisory.

Vulnerability/
CVE-2018-15460

high

8.6

CWE

770 20

10/1/2019

16/9/2020

CVE-2018-15460: Input Validation

Q: What is CVE-2018-15460?

CVE-2018-15460 is a vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA).

First published: Thu Jan 10 2019(Updated: )

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco AsyncOS	<11.0.2-044_md
Cisco AsyncOS	>=11.1.0<11.1.2-023_md
Cisco Email Security Appliance

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-15460?
CVE-2018-15460 is a vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA).
What is the severity of CVE-2018-15460?
CVE-2018-15460 has a severity rating of 8.6 (high).
How does CVE-2018-15460 affect Cisco Email Security Appliances?
CVE-2018-15460 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by increasing the CPU utilization to 100 percent on the affected device.
What is the affected version of Cisco AsyncOS Software?
Versions up to and including 11.0.2-044_md and versions between 11.1.0 and 11.1.2-023_md of Cisco AsyncOS Software are affected.
How can I fix CVE-2018-15460?
To mitigate this vulnerability, it is recommended to upgrade to a fixed software release as per the guidance provided by Cisco in their security advisory.

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/tags
agent/description
agent/type
agent/event
vendor/cisco
canonical/cisco asyncos
version/cisco asyncos/11.1.0
canonical/cisco email security appliance

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.